The Elephant in the Room: Why Security Programs Fail

elephant in the room

As a Principal with Praetorian, I’ve had the privilege of working with hundreds of clients, from fast growth startups to Fortune 500 giants. As we’ve performed red team exercises simulating an advanced persistent threat against our clients, I’ve seen that (much) more often than not we are able to compromise their “crown jewels.” In several cases it has only taken hours to become privileged admins inside the networks of Fortune 100 companies. I believe our security engineers are amongst some of the best, but I can only imagine nation states and certain criminal organizations are able to achieve similar accesses as quickly.

There is an elephant in the room for cybersecurity. The uncomfortable truth of the current state is that many organizations will struggle and ultimately fail to keep a sophisticated attacker from breaching critical assets. This truth persists despite technical innovations, smart people, and billions of dollars invested.

Through many conversations with security leaders, I’ve come to the opinion that many security programs spend too much time and money on things that do not appreciably reduce their organization’s risk. Lots of effort, insufficient results. Although my experience is anecdotal, I’ve seen a number of common factors that contribute to security program ineffectiveness.

From these same conversations, I’ve also found common characteristics of security programs that demonstrate the sustained ability to keep attackers at bay.
These challenges and opportunities have been captured in our new whitepaper, The Elephant in the Room: Why Security Programs Fail. Download the whitepaper.

icon-praetorian-

See Praetorian in Action

Request a 30-day free trial of our Managed Continuous Threat Exposure Management solution.

About the Authors

Matthew Eble

Matthew Eble

Matthew works with clients to understand their security needs and challenges, and then suggests strategies to solve those problems in risk-informed ways.

Catch the Latest

Catch our latest exploits, news, articles, and events.

Ready to Discuss Your Next Continuous Threat Exposure Management Initiative?

Praetorian’s Offense Security Experts are Ready to Answer Your Questions